July 21, 2017

Microsoft is Turning the Tables on Russian Hackers with Lawyers

Microsoft has begun taking countermeasures against the alleged state-sponsored Russian hacking group known as Fancy Bear.

Linked with Russia’s covert military intelligence agency, Fancy Bear is commonly known for allegedly being the perpetrator of last year’s Democratic National Convention hack. According to the Daily Beast, the hacker group was sued in a federal court outside Washington DC by attorneys for software and technology giant Microsoft. The hacker group has been accused of computer intrusion, cybersquatting and infringing on Microsoft’s trademarks.

The lawsuit, the report explains, isn’t meant to get the hackers into court. Instead, Microsoft is using the action to target the command-and-control servers belonging to the Russian hackers. Microsoft sees this as “the most vulnerable point” in Fancy Bear’s espionage operations.

Indeed, Microsoft has already used the lawsuit to take 70 unique command-and-control points away from Fancy Bear. Rather than taking physical custody of the servers rented by Fancy Bear in data centers around the world, Microsoft has been busy accumulating the Internet domains that route the traffic to them. Addresses like “livemicrosoft[.]net”, which came under Fancy Bear’s control for a mere $10, are now being redirected from Fancy Bear’s servers to Microsoft’s infrastructure. This gives Microsoft a direct, transparent line of sight into those servers’ network of malicious actors.

“In other words,” Microsoft outside counsel Sten Jenson said in a court filing last year, “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”

Further, the report adds that Microsoft hasn’t explicitly mentioned Russia or Fancy Bear in its lawsuit, instead describing the hacker group as a “sophisticated and well-resourced organization.”

It remains to be seen how much longer Microsoft will continue to disrupt the malicious hacking group’s operations before the latter changes its tack.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
